Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.41 |
|
19-May-2018 |
maxv |
Use strict prototypes, when they don't introduce more warnings than they fix. Also localify a few functions.
|
#
1.40 |
|
19-May-2018 |
maxv |
Remove unused variables.
|
Revision tags: netbsd-7-2-RELEASE netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 netbsd-7-1-2-RELEASE pgoyette-compat-base netbsd-7-1-1-RELEASE matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base tls-maxphys-base
|
#
1.39 |
|
03-Jun-2013 |
tteras |
branches: 1.39.26; From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port establish-sa for tunnel mode SAs.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-tag8 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 ipsec-tools-0_8_1 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0 bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.38 |
|
08-Dec-2010 |
tteras |
branches: 1.38.4; 1.38.8; 1.38.14; Use separate SA addresses for phase2's created by admin command. The phase2 startup overwrites src/dst with ISAKMP ports if they are zero and we don't want that to happen for the SA ports.
|
#
1.37 |
|
12-Nov-2010 |
tteras |
isakmp_post_acquire is now called from admin commands too, add a flag so admin commands can be used to establish even passive links on demand.
|
#
1.36 |
|
12-Nov-2010 |
tteras |
Extern admin protocol to allow reply packets to exceed 64kb. E.g SA dumps with many established SAs can be easily over the limit.
|
#
1.35 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.34 |
|
21-Oct-2010 |
tteras |
Remove initial-contact entry when all ISAKMP-SA are purged via adminport. This will avoid stale security associations if some of the delete notifications happens to get lost.
|
#
1.33 |
|
22-Sep-2010 |
vanhu |
get the correct length of username when processing ADMIN_LOGOUT_USER, patch by rweikusat (at) mssgmbh.com
|
Revision tags: matt-premerge-20091211
|
#
1.32 |
|
03-Sep-2009 |
tteras |
When rekeying phase2 use phase1 used to negotiate phase2 as a hint to select the phase1 for rekeying the new phase2.
|
#
1.31 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.30 |
|
20-Apr-2009 |
tteras |
Originally from Bin Li: Fix a crash with racoonctl logout user.
|
#
1.29 |
|
12-Mar-2009 |
tteras |
Support multiple anonymous remotes and decide remoteconf based on identity, received certificates and other information. General code clean up.
|
#
1.28 |
|
23-Jan-2009 |
tteras |
branches: 1.28.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.27 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2
|
#
1.26 |
|
19-Sep-2008 |
tteras |
branches: 1.26.4; Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option in remote conf.
|
Revision tags: wrstuden-revivesa-base-3 wrstuden-revivesa-base-2
|
#
1.25 |
|
29-Aug-2008 |
gmcgarry |
Eliminate gcc-specific feature of unnamed structures added recently.
|
Revision tags: wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.24 |
|
18-Jun-2008 |
mgrooms |
Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras.
|
#
1.23 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.22 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.21 |
|
18-Jun-2008 |
mgrooms |
Admin port code cleanup. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase
|
#
1.20 |
|
06-Mar-2008 |
mgrooms |
branches: 1.20.4; Add the ability to initiate IPsec SA negotiations using the admin socket. Submitted by Timo Teras.
|
#
1.19 |
|
06-Mar-2008 |
mgrooms |
Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.
|
Revision tags: matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.18 |
|
18-Jul-2007 |
vanhu |
branches: 1.18.4; 1.18.8; 1.18.10; use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
Revision tags: ipsec-tools-0_7-rc1 ipsec-tools-0_7-RC1 ipsec-tools-0_7-beta3 ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base netbsd-4-base
|
#
1.17 |
|
03-Oct-2006 |
manu |
branches: 1.17.2; 1.17.4; 1.17.6; fix endianness issue introduced yesterday
|
#
1.16 |
|
02-Oct-2006 |
manu |
Fix memory leak (Coverity 2002)
|
#
1.15 |
|
02-Oct-2006 |
manu |
Fix memory leak (Coverity 2001), refactor the code to use port get/set functions
|
#
1.14 |
|
02-Oct-2006 |
manu |
Avoid reusing free'd pointer (Coverity 4200)
|
#
1.13 |
|
30-Sep-2006 |
manu |
Do not free id and key, as they are used later
|
#
1.12 |
|
26-Sep-2006 |
manu |
Remove dead code (Coverity)
|
#
1.11 |
|
26-Sep-2006 |
manu |
Fix memory leak (Coverity)
|
#
1.10 |
|
26-Sep-2006 |
manu |
One more memory leak
|
#
1.9 |
|
26-Sep-2006 |
manu |
Fix memory leak in racoonctl (coverity)
|
#
1.8 |
|
09-Sep-2006 |
manu |
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.7 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.6 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.5 |
|
07-Aug-2005 |
manu |
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.
|
#
1.4 |
|
12-Jul-2005 |
manu |
Don't use adminport when it is disabled
|
#
1.3 |
|
08-May-2005 |
manu |
More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
#
1.2 |
|
14-Apr-2005 |
wiz |
all SA -> all SAs.
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.39 |
|
02-Jun-2013 |
tteras |
From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port establish-sa for tunnel mode SAs.
|
#
1.38 |
|
08-Dec-2010 |
tteras |
branches: 1.38.4; 1.38.8; 1.38.14; Use separate SA addresses for phase2's created by admin command. The phase2 startup overwrites src/dst with ISAKMP ports if they are zero and we don't want that to happen for the SA ports.
|
#
1.37 |
|
12-Nov-2010 |
tteras |
isakmp_post_acquire is now called from admin commands too, add a flag so admin commands can be used to establish even passive links on demand.
|
#
1.36 |
|
12-Nov-2010 |
tteras |
Extern admin protocol to allow reply packets to exceed 64kb. E.g SA dumps with many established SAs can be easily over the limit.
|
#
1.35 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.34 |
|
21-Oct-2010 |
tteras |
Remove initial-contact entry when all ISAKMP-SA are purged via adminport. This will avoid stale security associations if some of the delete notifications happens to get lost.
|
#
1.33 |
|
22-Sep-2010 |
vanhu |
get the correct length of username when processing ADMIN_LOGOUT_USER, patch by rweikusat (at) mssgmbh.com
|
#
1.32 |
|
03-Sep-2009 |
tteras |
When rekeying phase2 use phase1 used to negotiate phase2 as a hint to select the phase1 for rekeying the new phase2.
|
#
1.31 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
#
1.30 |
|
20-Apr-2009 |
tteras |
Originally from Bin Li: Fix a crash with racoonctl logout user.
|
#
1.29 |
|
12-Mar-2009 |
tteras |
Support multiple anonymous remotes and decide remoteconf based on identity, received certificates and other information. General code clean up.
|
#
1.28 |
|
23-Jan-2009 |
tteras |
branches: 1.28.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.27 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.26 |
|
19-Sep-2008 |
tteras |
branches: 1.26.4; Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option in remote conf.
|
#
1.25 |
|
28-Aug-2008 |
gmcgarry |
Eliminate gcc-specific feature of unnamed structures added recently.
|
#
1.24 |
|
18-Jun-2008 |
mgrooms |
Add an admin port command to retrieve the peer certificate. Submitted by Timo Teras.
|
#
1.23 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.22 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.21 |
|
18-Jun-2008 |
mgrooms |
Admin port code cleanup. No functional changes. Submitted by Timo Teras.
|
#
1.20 |
|
05-Mar-2008 |
mgrooms |
branches: 1.20.4; Add the ability to initiate IPsec SA negotiations using the admin socket. Submitted by Timo Teras.
|
#
1.19 |
|
05-Mar-2008 |
mgrooms |
Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.
|
#
1.18 |
|
18-Jul-2007 |
vanhu |
branches: 1.18.4; 1.18.8; 1.18.10; use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
#
1.17 |
|
03-Oct-2006 |
manu |
branches: 1.17.2; 1.17.4; 1.17.6; fix endianness issue introduced yesterday
|
#
1.16 |
|
02-Oct-2006 |
manu |
Fix memory leak (Coverity 2002)
|
#
1.15 |
|
02-Oct-2006 |
manu |
Fix memory leak (Coverity 2001), refactor the code to use port get/set functions
|
#
1.14 |
|
02-Oct-2006 |
manu |
Avoid reusing free'd pointer (Coverity 4200)
|
#
1.13 |
|
30-Sep-2006 |
manu |
Do not free id and key, as they are used later
|
#
1.12 |
|
26-Sep-2006 |
manu |
Remove dead code (Coverity)
|
#
1.11 |
|
26-Sep-2006 |
manu |
Fix memory leak (Coverity)
|
#
1.10 |
|
26-Sep-2006 |
manu |
One more memory leak
|
#
1.9 |
|
26-Sep-2006 |
manu |
Fix memory leak in racoonctl (coverity)
|
#
1.8 |
|
08-Sep-2006 |
manu |
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
#
1.7 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.6 |
|
19-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.5 |
|
07-Aug-2005 |
manu |
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.
|
#
1.4 |
|
12-Jul-2005 |
manu |
Don't use adminport when it is disabled
|
#
1.3 |
|
08-May-2005 |
manu |
More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
#
1.2 |
|
14-Apr-2005 |
wiz |
all SA -> all SAs.
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.1.1.4 |
|
08-Sep-2006 |
manu |
Migrate ipsec-tools CVS to cvs.netbsd.org
|
#
1.1.1.3 |
|
07-Aug-2005 |
manu |
Update ipsec-tools to 0.6.1rc1 Most of the changes since 0.6b4 have already been committed to the NetBSD tree. This upgrade fixes some IPcomp and NAT-T related problems that were left unadressed in the NetBSD tree.
|
#
1.1.1.2 |
|
23-Feb-2005 |
manu |
branches: 1.1.1.2.2; Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal support for patented algorithms: IDEA and RC5. * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it is not required in the configuration * src/racoon/isakmp.c: do not reject addresses for which kernel refused UDP encapsulation, they can still be used for non NAT-T traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c} src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a related DELETE_SA * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net> * src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
|
#
1.1.1.1 |
|
12-Feb-2005 |
manu |
Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS) ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many enhancements.
|
#
1.1.1.2.2.4 |
|
21-Nov-2005 |
tron |
Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
|
#
1.1.1.2.2.3 |
|
03-Sep-2005 |
snj |
Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
|
#
1.1.1.2.2.2 |
|
12-Jul-2005 |
tron |
Pull up revision 1.4 (requested by manu in ticket #581): Don't use adminport when it is disabled
|
#
1.1.1.2.2.1 |
|
11-May-2005 |
tron |
Pull up revision 1.3 (requested by manu in ticket #277): More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
#
1.17.6.3 |
|
20-Apr-2009 |
tteras |
Originally from Bin Li: Fix a crash with racoonctl logout user.
|
#
1.17.6.2 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.17.6.1 |
|
01-Aug-2007 |
vanhu |
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
#
1.17.4.2 |
|
04-Sep-2008 |
skrll |
Sync with netbsd-4.
|
#
1.17.4.1 |
|
03-Sep-2007 |
wrstuden |
Sync w/ NetBSD-4-RC_1
|
#
1.17.2.2 |
|
18-Aug-2008 |
jdc |
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
#
1.17.2.1 |
|
28-Aug-2007 |
liamjfoy |
branches: 1.17.2.1.2; Pull up following revision(s) (requested by manu in ticket #830):
Import ipsec-tools 0.7
|
#
1.17.2.1.2.1 |
|
18-Aug-2008 |
jdc |
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
#
1.18.10.2 |
|
18-Jul-2007 |
vanhu |
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
#
1.18.10.1 |
|
18-Jul-2007 |
vanhu |
file admin.c was added on branch matt-mips64 on 2007-07-18 12:07:52 +0000
|
#
1.18.8.1 |
|
24-Mar-2008 |
keiichi |
sync with head.
|
#
1.18.4.1 |
|
22-Mar-2008 |
matt |
sync with HEAD
|
#
1.20.4.2 |
|
17-Sep-2008 |
wrstuden |
Sync with wrstuden-revivesa-base-2.
|
#
1.20.4.1 |
|
22-Jun-2008 |
wrstuden |
Sync w/ -current. 34 merge conflicts to follow.
|
#
1.26.4.1 |
|
08-Feb-2009 |
snj |
Apply patch (requested by manu/spz in #378): Downgrade ipsec-tools to 0.7.1nb1.
|
#
1.28.2.1 |
|
13-May-2009 |
jym |
Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
#
1.38.14.1 |
|
23-Jun-2013 |
tls |
resync from head
|
#
1.38.8.1 |
|
22-May-2014 |
yamt |
sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
#
1.38.4.1 |
|
02-Jun-2013 |
tteras |
From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port establish-sa for tunnel mode SAs.
|